exports.checkPermissions = function (req, permissions) {
  if (req.cookies && req.cookies['sessionid']) {
    if (_.intersection(permissions, req.user.permissions).length > 0) {
      return true
    }
  }
  return false
}